Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LANDESK Management Suite 安全漏洞
Vulnerability Description
LANDESK Management Suite是美国LANDESK公司的一套IT系统管理解决方案。该方案支持软件分发,报警与监控,远程管理和控制桌面、服务器和移动设备等。 LANDESK Management Suite 2016.4版本和2017.x版本中存在安全。攻击者可通过发送HTTP载荷中带有目标用户名的URI利用该漏洞检索密钥/令牌,从而访问/更新其他用户的对象。
CVSS Information
N/A
Vulnerability Type
N/A